mynameisjuan

Member
  • Content Count

    3,893
About mynameisjuan

  • Title
    Veteran

  1. Gotcha, I read it as 2 lines with 4g. My bad
  2. There are routers that can do all of that, such as Mikrotik. I am curious as to what you need such redundancy for? 2 ISPs and a 4g plan is going to run you quite a bit a month and depending on your use, the 4g could run you $$$ during major outages even like you just had. Point being is even large companies only begin looking at 3 WANs during zero-downtime situations, like a min=$5,000 of loss
  3. That does not result in redundancy. The coax being split still leads to the same line card and if that is what was down due to maintenance then both modems are still going down. You want two independent lines from different providers
  4. That's sad to hear man. I am sorry for the situation you are in. I wish I had an answer around it but BGP is the backbone of the internet and once countries begin filtering, there is nothing that citizens can do to get around it without risking jail time or even worse...
  5. What they did was filter IP space advertised in BGP to any peer outside of Iran. This essentially marooned off Iran from the world while still leaving government sites reachable. This wasn't simply blocking IPs to certain websites, the world literally did not know how to reach Iran. There is no way around this unless you have access to satellite internet or soon, Starlink.
  6. Cat5e can do 10gig up to 30m or so but 10gig routing is a whole other ball game and you will be shelling out $1k+ for a router that can route 10gig and forget VPNs at 10gig. I would stick with Netgate as you will also have support and warranty.
  7. You don't need much in terms of power to push even a gig VPN. Netgate is even better at this because of the use of ASICs. What speeds do you actually need with a VPN?
  8. Stuff like this isn't allowed on this forum and is against the rules. If they are blocking your MAC address it's for a reason.
  9. Agree on that point. Even simpler is just directly connect the web server to the PFsense, set the subnet, set up zones and deny all between the web zone and internal zone and call it a day. That is also something to take into account.
  10. I'm guessing information is getting all mixed up.
      1. If you just want to route from PFsense to USG
         - Set the subnet statically on the PFsense interface facing the USG
         - Do the same for the same subnet on the USG WAN interface
         - Done
         There, routing is done via connected interfaces, AKA the way routers route. This is going to lead to double NAT issues. But basically if PFsense goes down, nothing internal is affected.
      2. You should just go PFsense or USG. Personally I would go PFsense because I hate Ubiquiti but that is your call. You have switches behind the USG with internal DHCP. The main reason behind DDoS and your proposed setup is when the firewalls tend to be much weaker and cannot handle the DDoS at your provided bandwidth. This is why in the professional space routers tend to be ahead of the firewalls because they can handle the load with l3/4 filtering and the firewall (USG in your case) will see little impact. This really only applies to a much larger scale, not home use.
  11. If you want to have the USG take over routing if PFsense fails you're going to need to use VRRP
  12. If DHCP is being handled internally, not by PFsense or the USG, then there is nothing to worry about as long as the switches stay up and are connected (which doesn't appear to be in the diagram). If DHCP is being handled by either the PFsense or USG, set the lease for a week or something well within the time that you can get it back up and running. This will keep current devices functioning at least.
  13. You can, even on the same subnet. RFC for DHCP is to send out an ICMP prior to giving out an address and if a response is received, a new address is chosen and repeated. But key is the devices need to respond to ICMP which by default tend not to. Not saying problems can arise out of it, especially if Ubiquiti decides to **** with protocols like they like to do.
  14. There is no routing involved with basic switches
  15. Those splitters separate the pairs, 2 pairs to one port and 2 pairs to the other. This means you can only get 100mbps off each port. You will then need a second one on the router end. The bad reviews tend to be from people not understanding this doesn't magically make 1 port on the router/switch into 2. When I was an installer I ran into this setup all the time because people were lazy and didn't want to run two cables. I would just suggest getting a cheap unmanaged 5-port Netgear switch. They are pretty much bulletproof.